Resubmissions

22-08-2024 16:26

240822-txrmmawhlh 10

21-08-2024 12:58

240821-p7nw9szblg 10

General

  • Target

    fe0f54c271c3e45ca11e05b597de2cdfa6c1bc85589233c3e21b14bb7424f290

  • Size

    185KB

  • Sample

    240822-txrmmawhlh

  • MD5

    abc1920cfba1af10e7f54affe065e74d

  • SHA1

    4a7705c98cba13a518d72db0792768ba33b59df5

  • SHA256

    fe0f54c271c3e45ca11e05b597de2cdfa6c1bc85589233c3e21b14bb7424f290

  • SHA512

    3d80d7ab3d4f5f93b25889ca37e9ea63ef671fe96ef209187b8a3982da153b838e502091b9752c44d09d2c3c7510850ed03db50b0d4e42ed5a7381c0381d944e

  • SSDEEP

    3072:diE2chk+fDRhOvHiB5DCb1ptrx5y8nmELgd4viIeb/ixw5ua4avWviyyRTAcCt:diqhiQAZpw8Qb/ixKb4CyyREcCt

Score
10/10

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

157.20.182.172:3232

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1.mal_

    • Size

      331KB

    • MD5

      63b427f3875eaf7475491877a49f71c5

    • SHA1

      8d6a1d3ce30eec4284cc3303fdf12a22a12f2a82

    • SHA256

      600ea8be786d5acc5fa71c8dd19297049a4e9f1fe6a597c2ebcc9785acd8bdd1

    • SHA512

      c9ee7f62f028aafe4a2753e50c61a1ae25816d586f6eb080d6ff20be0f7d27f8b5b384ad473625042e76b2e708cf0407e52d8a6fda5c9f1ffc0caf40a4636a3c

    • SSDEEP

      6144:eEjIabdDyAnk2S5dE1hQqX9lecEEMH9O1BNI:eAIabd7nkc1h9X9Mo7I

    Score
    10/10
    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Async RAT payload
